The Criminal Finances Act received royal assent on 27 April 2017. Among other measures, the Act introduces a new corporate criminal offence of failing to prevent the facilitation of tax evasion (CCO).
- The new offence concerns when an ‘associated person’, such as an employee, agent, contractor or subsidiary, facilitates the evasion of tax of a third party whilst acting on behalf of the business. The intention of the legislation is to attribute criminal liability to businesses for the criminal acts of employees, agents or those that provide services for or on their behalf.
- If that business (defined as ‘relevant body’) cannot evidence that it had reasonable preventative procedures in place to prevent the facilitation of tax evasion by persons acting on its behalf then it could be subject to a corporate criminal conviction and an unlimited fine. Whilst UK legislation, the impact is far reaching and could result in overseas businesses being prosecuted. The legislation defines a relevant body as “a body corporate or partnership (wherever incorporated or formed)”
- It is expected that, regardless of the result of the upcoming general election, the next Government will take all necessary steps to make the new offence effective from September 2017.
- HMRC is not expecting organisations to put in place fail-safe procedures to stop clients and customers from committing tax evasion, or stopping the de facto tax evasion itself. Rather, it expects businesses taking a risk-based approach and to be doing all that is ‘reasonable’ to prevent their people, service providers and third parties from being knowingly concerned in facilitating the tax evasion of third parties around the world.
- The repercussions if found guilty of the new corporate criminal offence are likely to have long-standing consequences – for regulated businesses for example, systematic failures in systems and controls will not be viewed favourably and could result in licences being revoked in some jurisdictions.
- Further, organisations may find themselves barred from public procurement processes, see directors disqualified under existing laws, and face reputational damage.
- By September 2017, HMRC expects all businesses to have identified, documented and categorised the specific risks of facilitation of tax evasion across their organisation, and devised a plan on how each will be addressed.
What are ‘reasonable procedures’ to prevent the facilitation of tax evasion?
Businesses should put in place procedures that are proportionate to the risks they face, using HMRC’s six principles as a guide:
- Risk assessment
- Proportionality of risk-based prevention procedures
- Top level commitment
- Due diligence
- Communication
- Monitoring and review
What constitutes ‘reasonable’ is likely to be the crux for tax, compliance and legal teams over the coming months.
- The expectations of what is ‘reasonable’ are likely to develop, with businesses having to adapt their systems and controls on an ongoing basis.
- The approach taken by the UK Government mirrors that adopted in the 2010 Bribery Act and as is the case with that Act, the line of defence for the new CCO rests on whether a business’ preventative procedures are deemed sufficient in proportion to the risks.
Global reach of the legislation
- The reach of the legislation is international and wide-ranging, and will for many organisations require a global approach.
- Many businesses are still at the very early stages of understanding the impact of the legislation. Any group which either has a business in the UK, has people acting on its behalf in the UK, or transacts with UK-based persons needs to consider the new requirements. The entity can be based overseas, the facilitation can arise overseas, and the evasion can be of overseas tax.
Risk assessment – the first response
- The risk assessment drives the response to the legislation – until a business identifies where its risks arise, it is impossible to know whether existing controls address the risk. Before building a plan for introducing reasonable procedures, it is advisable that a risk assessment is undertaken to ensure that the response is proportionate.
- A logical starting point is to risk assess business operations, considering the geographies, divisions, products, supplies, relationships and motivations which can result in a risk. Identifying the ‘associated persons’ of the business, and the risks of facilitation can ensure a focus on key risk areas. It can also be helpful to consider who the counter-parties to transactions are who could be potentially evading tax and then identify where facilitation could arise, for example customers, suppliers, and employees.
- As risks are identified and prioritised, existing controlling procedures can then also be identified and evaluated for design and operational effectiveness. A plan can then be built to address any gaps in controlling procedures and deliver a proportionate response aligned to the remaining guiding principles. Any response should include top-level commitment from the organisation as well as communication (likely to be through training).
WHAT TO CONSIDER
- Have you established a robust methodology for undertaking a risk assessment for the CCO and have supported a number of businesses to build a proportionate response to the legislation.
- Do you have access to a multidisciplinary team of tax, legal, internal audit, financial crime and fraud investigations professionals who can support the businesses and CCO as they seek to understand their exposure to this risk and develop their response.
- The risk assessment provides the platform to build on the existing control framework and deliver a plan to include top-level commitment, policy development, training, monitoring and testing which addresses the risks identified.
Examples of some of the key questions we can work with you to resolve as you build your response include:
- Who in the organisation will take ownership of compliance with the legislation, for example tax, compliance, legal or a combination of these functions?
- What does ‘reasonable’ mean in the context of the size and industry sector of the business?
- Who are the associated persons of the business?
- Where are the highest risk roles, divisions or geographies in the organisation?
- Are whistle-blowing systems in place and, if so, are they sufficient?
- How do you build on existing policies and training programmes to deliver a proportionate response to the risks identified?
- How will any allegations of the facilitation of tax evasion be assessed and investigated?
- How will you document and regularly review your procedures?